CVE-2024-57050

A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:wr840n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:wr840n:6:*:*:*:*:*:*:*

History

06 Jun 2025, 17:59

Type Values Removed Values Added
CPE cpe:2.3:o:tp-link:wr840n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:wr840n:6:*:*:*:*:*:*:*
First Time Tp-link wr840n
Tp-link wr840n Firmware
Tp-link
References () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md - () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md - Third Party Advisory, Exploit

19 Feb 2025, 15:15

Type Values Removed Values Added
CWE CWE-287
Summary
  • (es) Una vulnerabilidad en el TP-Link WR840N V6 router con el firmware Versión 0.9.1 4.16 y antes permite a las personas no autorizadas omitir la autenticación de algunas interfaces en el directorio/CGI. Cuando agregue el referente: http://tplinkwifi.netnet. a la solicitud, se reconocerá como aprobar la autenticación.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

18 Feb 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-18 15:15

Updated : 2025-06-06 17:59


NVD link : CVE-2024-57050

Mitre link : CVE-2024-57050

CVE.ORG link : CVE-2024-57050


JSON object : View

Products Affected

tp-link

  • wr840n
  • wr840n_firmware
CWE
CWE-287

Improper Authentication